I don't know what I'm doing wrong. I configured this authentication correctly some time before, but this time it's not working.
An I missing something crusial here? For me all looks normal. :( Thanks a lot On Mon, Sep 01, 2008 at 12:42:14PM +0100, Jon Wilson wrote: > Sorry for the misleading information. > > I use censornet and that stopped authenticating to the domain when I > did the upgrade to 3.2.x - I thought you might be suffering the same > issue. > > Jon > > > 2008/9/1 Vinicius Ruoso <[EMAIL PROTECTED]>: > > Hi Jon Wilson, > > > > Really thanks for your fast response. But the "lanman auth = yes" added > > to global directive of my smb.conf don't make any effect on smb_auth > > authentication process. The response still the same. :( > > > > Do you have any other idea of what can be done to fix it? > > Any hope is very welcome. I'm trying to get this work a long time. > > > > 8<------------------------------------------------------------------- > > The following are the man entry to lanman auth: > > It looks like that this option don't affect smbclient requests. > > > > lanman auth (G) > > > > This parameter determines whether or not smbd(8) will attempt to > > authenticate users or permit password changes using the LANMAN > > password hash. If disabled, only clients which support NT password > > hashes (e.g. Windows NT/2000 clients, smbclient, but not Windows > > 95/98 or the MS DOS network client) will be able to connect to the > > Samba host. > > > > The LANMAN encrypted response is easily broken, due to it´s > > case-insensitive nature, and the choice of algorithm. Servers > > without Windows 95/98/ME or MS DOS clients are advised to disable > > this option. > > > > Unlike the encrypt passwords option, this parameter cannot alter > > client behaviour, and the LANMAN response will still be sent over > > the network. See the client lanman auth to disable this for > > Samba´s > > clients (such as smbclient) > > > > If this option, and ntlm auth are both disabled, then only NTLMv2 > > logins will be permited. Not all clients support NTLMv2, and most > > will require special configuration to use it. > > > > Default: lanman auth = no > > > > 8<------------------------------------------------------------------- > > > > > > > >> Since upgrading to 3.2.x I had to enable > >> > >> lanman auth = yes > >> > >> in my smb.conf > >> > >> (thats from memory - you may want to check the man page) > >> > >> It fixed it for me. > >> > >> Jon > >> > >> > >> 2008/8/31 Vinicius Ruoso <[EMAIL PROTECTED]>: > >>> Hi samba community. > >>> > >>> I'm having a problem with the smb_auth authentication method. Everything > >>> looks like normal, but everytime I try to use smb_auth it returns ERR. > >>> > >>> I will show here some commands output to secure that all configuration > >>> is > >>> correct, and if anyone can help me to investigate what's happend I'll > >>> thanks. > >>> > >>> > >>> I'm using: Debian lenny, updated. > >>> > >>> ii samba 2:3.2.3-1 > >>> ii squid 2.7.STABLE3-1 > >>> > >>> XXXXXXXXXX its the correct password. > >>> > >>> 8<---------------------------------- > >>> sek:/home# /usr/lib/squid/smb_auth -W SEKPLASTICOS -U 127.0.0.1 -d > >>> vinicius XXXXXXXXXXX > >>> Domain name: SEKPLASTICOS > >>> Pass-through authentication: no > >>> Query address options: -U 127.0.0.1 -R > >>> Domain controller IP address: 10.0.0.1 > >>> Domain controller NETBIOS name: SEK > >>> Contents of //SEK/NETLOGON/proxyauth: > >>> ERR > >>> 8<---------------------------------- > >>> > >>> But, look at the smbclient command. > >>> > >>> [EMAIL PROTECTED]:~$ smbclient "//SEK/netlogon" XXXXXXXXXXX -c "get > >>> proxyauth > >>> -" > >>> Domain=[SEKPLASTICOS] OS=[Unix] Server=[Samba 3.2.3] > >>> allow > >>> getting file \proxyauth of size 6 as - (5,9 kb/s) (average 5,9 kb/s) > >>> > >>> Running smb_auth with user "vinicius" don't work too. > >>> 8<---------------------------------- > >>> > >>> Some permission and configs: > >>> > >>> 8<---------------------------------- > >>> The smb_auth permissions > >>> > >>> sek:/usr/lib/squid# ls -l /usr/lib/squid/ > >>> total 284 > >>> -rwxr-xr-x 1 root root 15212 Jul 6 06:28 digest_pw_auth > >>> -rwxr-xr-x 1 root root 11636 Jul 6 06:26 diskd-daemon > >>> -rwxr-sr-- 1 proxy shadow 7988 Jul 6 06:28 getpwnam_auth > >>> -rwxr-xr-x 1 root root 10312 Jul 6 06:28 ip_user_check > >>> -rwxr-xr-x 1 root root 17544 Jul 6 06:28 ldap_auth > >>> -rwxr-xr-x 1 root root 5464 Jul 6 06:26 logfile-daemon > >>> -rwxr-xr-x 1 root root 32828 Jul 6 06:28 msnt_auth > >>> -rwxr-xr-x 1 root root 15748 Jul 6 06:28 ncsa_auth > >>> -rwxr-xr-x 1 root root 42216 Jul 6 06:28 ntlm_auth > >>> -rwxr-sr-- 1 proxy shadow 10696 Jul 6 06:28 pam_auth > >>> -rwxr-xr-x 1 root root 9552 Jul 6 06:28 smb_auth > >>> -rwxr-xr-x 1 root root 2287 Jul 6 06:23 smb_auth.sh > >>> -rwxr-xr-x 1 root root 22848 Jul 6 06:28 squid_kerb_auth > >>> -rwxr-xr-x 1 root root 19000 Jul 6 06:28 squid_ldap_group > >>> -rwxr-xr-x 1 root root 5996 Jul 6 06:28 squid_session > >>> -rwxr-xr-x 1 root root 10248 Jul 6 06:28 squid_unix_group > >>> -rwxr-xr-x 1 root root 3732 Jul 6 06:26 unlinkd > >>> -rwxr-xr-x 1 root root 2359 Abr 9 2007 wbinfo_group.pl > >>> -rwxr-xr-x 1 root root 8776 Jul 6 06:28 yp_auth > >>> > >>> > >>> 8<---------------------------------- > >>> The SMB configuration > >>> > >>> sek:/usr/lib/squid# cat /etc/samba/smb.conf > >>> # Samba config file created using SWAT > >>> # from 192.168.0.2 (192.168.0.2) > >>> # Date: 2008/04/04 23:07:20 > >>> > >>> [global] > >>> workgroup = sekplasticos > >>> netbios name = sek > >>> server string = sek > >>> security = user > >>> null passwords = No > >>> encrypt passwords = true > >>> unix password sync = No > >>> unix charset = iso8859-1 > >>> display charset = cp850 > >>> log level = 3 > >>> log file = /var/log/samba_log.%u > >>> keepalive = 20 > >>> socket options = IPTOS_LOWDELAY TCP_NODELAY > >>> logon path = \\sek\sysvol\%U > >>> logon drive = P > >>> domain logons = Yes > >>> os level = 100 > >>> preferred master = Yes > >>> domain master = Yes > >>> local master = Yes > >>> wins support = Yes > >>> ldap ssl = no > >>> comment = Servidor Sek > >>> admin users = vinicius > >>> time server = Yes > >>> hosts allow = 127., 192.168.0., 10.0.0. > >>> > >>> [homes] > >>> comment = Pastas dos Usuarios > >>> browseable = No > >>> writable = Yes > >>> create mask = 0600 > >>> directory mask = 0700 > >>> valid users = %S > >>> > >>> [netlogon] > >>> comment = Compartilhamento de Scripts > >>> path = /home/netlogon > >>> public = Yes > >>> browseable = Yes > >>> writable = Yes > >>> > >>> [sysvol] > >>> comment = System Volume > >>> path = /home/sysvol > >>> writable = Yes > >>> guest ok = Yes > >>> share modes = No > >>> browseable = No > >>> hide files = /desktop.ini/ntuser.ini/NTUSER.*/ > >>> > >>> [publico] > >>> comment = publico > >>> path = /home/publico > >>> guest ok = No > >>> writable = Yes > >>> create mask = 0644 > >>> directory mask = 0777 > >>> public = Yes > >>> > >>> [aplicativos] > >>> comment = aplicativos > >>> path = /home/aplicativos > >>> guest ok = No > >>> writable = Yes > >>> browseable = Yes > >>> create mask = 0600 > >>> directory mask = 0700 > >>> valid users = gilberto > >>> sek:/usr/lib/squid# > >>> > >>> 8<---------------------------------- > >>> The NETLOGON permissions and proxyauth > >>> > >>> sek:/home/netlogon# ls -l > >>> total 4 > >>> -rwxrwxrwx 1 root root 6 Ago 31 17:35 proxyauth > >>> sek:/home/netlogon# ls -ld > >>> drwxrwxrwx 2 root root 22 Ago 31 17:35 . > >>> sek:/home/netlogon# cat proxyauth > >>> allow > >>> 8<---------------------------------- > >>> > >>> > >>> Really thanks if someone could help me. > >>> > >>> -- > >>> Vinicius Ruoso - [EMAIL PROTECTED] > >>> C3SL: http://www.c3sl.ufpr.br > >>> > >>> -- > >>> To unsubscribe from this list go to the following URL and read the > >>> instructions: https://lists.samba.org/mailman/listinfo/samba > >>> > >> > > > > > > -- > > Vinicius Ruoso - [EMAIL PROTECTED] > > C3SL: http://www.c3sl.ufpr.br > > > > -- --- Vinicius Kwiecien Ruoso - [EMAIL PROTECTED] C3SL: http://www.c3sl.ufpr.br -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
